Overview Repositories Revisions Requests Users Attributes Meta

Revisions of mozilla-nss

Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) committed (revision 389)
Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) committed (revision 388) 
- update to NSS 3.80
  * bmo#1774720 - Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h.
  * bmo#1617956 - Add support for asynchronous client auth hooks.
  * bmo#1497537 - nss-policy-check: make unknown keyword check optional.
  * bmo#1765383 - GatherBuffer: Reduced plaintext buffer allocations
                  by allocating it on initialization. Replaced
                  redundant code with assert. Debug builds: Added
                  buffer freeing/allocation for each record.
  * bmo#1773022 - Mark 3.79 as an ESR release.
  * bmo#1764206 - Bump nssckbi version number for June.
  * bmo#1759815 - Remove Hellenic Academic 2011 Root.
  * bmo#1770267 - Add E-Tugra Roots.
  * bmo#1768970 - Add Certainly Roots.
  * bmo#1764392 - Add DigitCert Roots.
  * bmo#1759794 - Protect SFTKSlot needLogin with slotLock.
  * bmo#1366464 - Compare signature and signatureAlgorithm fields in
                  legacy certificate verifier.
  * bmo#1771497 - Uninitialized value in cert_VerifyCertChainOld.
  * bmo#1771495 - Unchecked return code in sec_DecodeSigAlg.
  * bmo#1771498 - Uninitialized value in cert_ComputeCertType.
  * bmo#1760998 - Avoid data race on primary password change.
  * bmo#1769063 - Replace ppc64 dcbzl intrinisic.
  * bmo#1771036 - Allow LDFLAGS override in makefile builds.
- FIPS patch updates
- removed obsolete patches
  * nss-fips-tests-skip.patch
  * nss-fips-tls-allow-md5-prf.patch
buildservice-autocommit accepted request 985447 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 387) 
baserev update by copy to link target
Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) committed (revision 386) 
- sync with current SLE
  * latest FIPS changes incl. testsuite fixes (enabled now)
    nss-fips-180-3-csp-clearing.patch
    nss-fips-tests-enable-fips.patch
    nss-fips-tests-skip.patch
    nss-fips-pbkdf-kat-compliance.patch

- update to NSS 3.79
  * bmo#205717 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
  * bmo#1766907 - Update mercurial in clang-format docker image.
  * bmo#1454072 - Use of uninitialized pointer in lg_init after alloc fail.
  * bmo#1769295 - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
  * bmo#1753315 - Add SECMOD_LockedModuleHasRemovableSlots.
  * bmo#1387919 - Fix secasn1d parsing of indefinite SEQUENCE inside
                  indefinite GROUP.
  * bmo#1765753 - Added RFC8422 compliant TLS <= 1.2 undefined/compressed
                  ECPointFormat extension alerts.
  * bmo#1765753 - TLS 1.3 Server: Send protocol_version alert on
                  unsupported ClientHello.legacy_version.
  * bmo#1764788 - Correct invalid record inner and outer content type alerts.
  * bmo#1757075 - NSS does not properly import or export pkcs12 files
                  with large passwords and pkcs5v2 encoding.
  * bmo#1766978 - improve error handling after nssCKFWInstance_CreateObjectHandle.
  * bmo#1767590 - Initialize pointers passed to
                  NSS_CMSDigestContext_FinishMultiple.
  * bmo#1769302 - NSS 3.79 should depend on NSPR 4.34
buildservice-autocommit accepted request 980155 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 385) 
baserev update by copy to link target
Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) committed (revision 384) 
- update to NSS 3.78.1
  * bmo#1767590 - Initialize pointers passed to
                  NSS_CMSDigestContext_FinishMultiple

- update to NSS 3.78
  * bmo#1755264 - Added TLS 1.3 zero-length inner plaintext checks and
                  tests, zero-length record/fragment handling tests.
  * bmo#1294978 - Reworked overlong record size checks and added TLS1.3
                  specific boundaries.
  * bmo#1763120 - Add ECH Grease Support to tstclnt
  * bmo#1765003 - Add a strict variant of moz::pkix::CheckCertHostname.
  * bmo#1166338 - Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
  * bmo#1760813 - Make SEC_PKCS12EnableCipher succeed
  * bmo#1762489 - Update zlib in NSS to 1.2.12.
buildservice-autocommit accepted request 974916 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 383) 
baserev update by copy to link target
Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) committed (revision 382) 
- update to NSS 3.77
  * Bug 1762244 - resolve mpitests build failure on Windows.
  * bmo#1761779 - Fix link to TLS page on wireshark wiki
  * bmo#1754890 - Add two D-TRUST 2020 root certificates.
  * bmo#1751298 - Add Telia Root CA v2 root certificate.
  * bmo#1751305 - Remove expired explicitly distrusted certificates
                  from certdata.txt.
  * bmo#1005084 - support specific RSA-PSS parameters in mozilla::pkix
  * bmo#1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
  * bmo#1756271 - Remove token member from NSSSlot struct.
  * bmo#1602379 - Provide secure variants of mpp_pprime and mpp_make_prime.
  * bmo#1757279 - Support UTF-8 library path in the module spec string.
  * bmo#1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
  * bmo#1760827 - Add a CI Target for gcc-11.
  * bmo#1760828 - Change to makefiles for gcc-4.8.
  * bmo#1741688 - Update googletest to 1.11.0
  * bmo#1759525 - Add SetTls13GreaseEchSize to experimental API.
  * bmo#1755264 - TLS 1.3 Illegal legacy_version handling/alerts.
  * bmo#1755904 - Fix calculation of ECH HRR Transcript.
  * bmo#1758741 - Allow ld path to be set as environment variable.
  * bmo#1760653 - Ensure we don't read uninitialized memory in ssl gtests.
  * bmo#1758478 - Fix DataBuffer Move Assignment.
  * bmo#1552254 - internal_error alert on Certificate Request with
                  sha1+ecdsa in TLS 1.3
  * bmo#1755092 - rework signature verification in mozilla::pkix
buildservice-autocommit accepted request 968290 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 381) 
baserev update by copy to link target
Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) accepted request 968285 from Callum Farmer's avatar Callum Farmer (gmbr3) (revision 380) 
- Require nss-util in nss.pc and subsequently remove -lnssutil3
buildservice-autocommit accepted request 967153 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 379) 
baserev update by copy to link target
Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) committed (revision 378) 
- update to NSS 3.76.1
  NSS 3.76.1
  * bmo#1756271 - Remove token member from NSSSlot struct.
  NSS 3.76
  * bmo#1755555 - Hold tokensLock through nssToken_GetSlot calls in
                  nssTrustDomain_GetActiveSlots.
  * bmo#1370866 - Check return value of PK11Slot_GetNSSToken.
  * bmo#1747957 - Use Wycheproof JSON for RSASSA-PSS
  * bmo#1679803 - Add SHA256 fingerprint comments to old
                  certdata.txt entries.
  * bmo#1753505 - Avoid truncating files in nss-release-helper.py.
  * bmo#1751157 - Throw illegal_parameter alert for illegal extensions
                  in handshake message.
buildservice-autocommit accepted request 965234 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 377) 
baserev update by copy to link target
Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) accepted request 964904 from Callum Farmer's avatar Callum Farmer (gmbr3) (revision 376) 
- Add nss-util pkgconfig and config files (copied from RH/Fedora)
buildservice-autocommit accepted request 960367 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 375) 
baserev update by copy to link target
Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) committed (revision 374) 
- update to NSS 3.75
  * bmo#1749030 - This patch adds gcc-9 and gcc-10 to the CI.
  * bmo#1749794 - Make DottedOIDToCode.py compatible with python3.
  * bmo#1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing.
  * bmo#1748386 - Remove redundant key type check.
  * bmo#1749869 - Update ABI expectations to match ECH changes.
  * bmo#1748386 - Enable CKM_CHACHA20.
  * bmo#1747327 - check return on NSS_NoDB_Init and NSS_Shutdown.
  * bmo#1747310 - real move assignment operator.
  * bmo#1748245 - Run ECDSA test vectors from bltest as part of the CI tests.
  * bmo#1743302 - Add ECDSA test vectors to the bltest command line tool.
  * bmo#1747772 - Allow to build using clang's integrated assembler.
  * bmo#1321398 - Allow to override python for the build.
  * bmo#1747317 - test HKDF output rather than input.
  * bmo#1747316 - Use ASSERT macros to end failed tests early.
  * bmo#1747310 - move assignment operator for DataBuffer.
  * bmo#1712879 - Add test cases for ECH compression and unexpected
                  extensions in SH.
  * bmo#1725938 - Update tests for ECH-13.
  * bmo#1725938 - Tidy up error handling.
  * bmo#1728281 - Add tests for ECH HRR Changes.
  * bmo#1728281 - Server only sends GREASE HRR extension if enabled
                  by preference.
  * bmo#1725938 - Update generation of the Associated Data for ECH-13.
  * bmo#1712879 - When ECH is accepted, reject extensions which were
                  only advertised in the Outer Client Hello.
  * bmo#1712879 - Allow for compressed, non-contiguous, extensions.
  * bmo#1712879 - Scramble the PSK extension in CHOuter.
  * bmo#1712647 - Split custom extension handling for ECH.
  * bmo#1728281 - Add ECH-13 HRR Handling.
Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) committed (revision 373) 
- update to NSS 3.74
  * bmo#966856 - mozilla::pkix: support SHA-2 hashes in CertIDs in
                 OCSP responses
  * bmo#1553612 - Ensure clients offer consistent ciphersuites after HRR
  * bmo#1721426 - NSS does not properly restrict server keys based on policy
  * bmo#1733003 - Set nssckbi version number to 2.54
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R4 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R3 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R2 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R1 root certificate
  * bmo#1735407 - Replace GlobalSign ECC Root CA R4
  * bmo#1733560 - Remove Expired Root Certificates - DST Root CA X3
  * bmo#1740807 - Remove Expiring Cybertrust Global Root and GlobalSign root
                  certificates
  * bmo#1741930 - Add renewed Autoridad de Certificacion Firmaprofesional
                  CIF A62634068 root certificate
  * bmo#1740095 - Add iTrusChina ECC root certificate
  * bmo#1740095 - Add iTrusChina RSA root certificate
  * bmo#1738805 - Add ISRG Root X2 root certificate
  * bmo#1733012 - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
  * bmo#1738028 - Avoid a clang 13 unused variable warning in opt build
  * bmo#1735028 - Check for missing signedData field
  * bmo#1737470 - Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)
Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) committed (revision 371) 
  MFSA 2021-51 (bsc#1193170)
Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) committed (revision 370) 
- update to NSS 3.73
  * bmo#1735028 - check for missing signedData field.
  * bmo#1737470 - Ensure DER encoded signatures are within size limits.
  * bmo#1729550 - NSS needs FiPS 140-3 version indicators.
  * bmo#1692132 - pkix_CacheCert_Lookup doesn't return cached certs
  * bmo#1738600 - sunset Coverity from NSS
  MFSA 2021-51
  * CVE-2021-43527 (bmo#1737470)
    Memory corruption via DER-encoded DSA and RSA-PSS signatures

- update to NSS 3.72
  * Remove newline at the end of coreconf.dep
  * bmo#1731911 - Fix nsinstall parallel failure.
  * bmo#1729930 - Increase KDF cache size to mitigate perf
                  regression in about:logins
Displaying revisions 61 - 80 of 449
openSUSE Build Service is sponsored by
Places